First Midwest Bank

What every business owner needs to know about whaling attacks

Hacking attempts are more prominent than ever before. A Panda Security study found that 27% of all malware in existence was created in 2015 alone. There is a hacking attack every 39 seconds, and cybercrime is even more profitable than the illegal drug trade.

These are unfortunate statistics for owners of businesses of all sizes. A survey from IBM found that 66% of surveyed business owners who were hacked weren't confident that they could recover from it. And the fact is, some businesses don't recover at all, proving that breaches can be crippling.

Whaling is a type of phishing attack that involves the impersonation of a high-profile employee, like a CEO or business owner. These types of attacks are targeted, usually with the goal of extracting money from the company by sending fake emails to staff that permit money transfers or data exchanges. Whaling is so effective because the end recipient believes the email is legitimate and proceeds to follow instructions. Here's what you should know about this growing hacking strategy:

Whaling is on the Rise

More and more companies are falling victim to hacking attacks. In fact, the dramatic rise of whaling attacks prompted the Phoenix division of the FBI to issue a warning to business owners regarding these business email scams.

"The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor," the statement reads. "They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy."

Even big companies have fallen victim. In a blog post published by Snapchat, the company admitted that employee data had been compromised after one staff member in the payroll department fell for a whaling scam that involved an email supposedly sent from the CEO. And in London, many startups were targeted in a series of phishing scams that impersonated CEOs.

Social Media Plays a Role

Social media can be a phenomenal foundation for a successful whaling attack. As previously mentioned, a high level of research goes into executing an attack of this caliber. Social networking sites are particularly useful. Remember, whaling isn't automated: it's carried out by sophisticated hackers who learn enough about the intended victims to pull it off. Platforms like LinkedIn are also used to obtain additional details about a person. For this reason, it's important for you to discuss social sharing rules with your team, decreasing the chance of revealing information that a hacker could potentially leverage.

Difficult to Detect

One reason whaling is a go-to tactic for hackers is that the target is heavily researched, and this personalized level of hacking can go pretty far with unsuspecting recipients. In fact, one McAfee quiz presented visitors with 10 email messages, which included a mix of real emails and phishing emails. Eight percent of participants could not detect at least one out of seven.

Knowing that whaling is an increasing hacking strategy, it's important for business owners to set up standard practices that help employees identify potential threats—even if the email appears to be coming from the CEO. Security awareness training and mock phishing tests are musts.

Companies that Wire Transfer Are at Higher Risk

To be clear, whaling can happen to any business—startups, non-profits, and corporations have all been targeted in the past. However, businesses that regularly conduct wire transfers, such as businesses that deal with many foreign suppliers, are at a higher risk for whaling fraud. This level of fraud has amounted to billions of dollars in losses.

Case in point: In March 2015, a finance executive at Mattel was scammed into wiring $3 million to a bank in China. Although wire transfers require two signatures, the first signature had been provided by the faux CEO, and the executive provided the second for approval. As you can see, the level of research had to be top-notch for a sophisticated execution. Hackers researched how payment operations at Mattel work, and took to social media to identify high-ranking executives to target.

 

This article was written by SmallBizViewpoints from Small Biz Viewpoints and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.
